[Pkg-phototools-devel] exif_0.6.19-1_amd64.changes ACCEPTED
Accepted:
exif_0.6.19-1.diff.gz
  to main/e/exif/exif_0.6.19-1.diff.gz
exif_0.6.19-1.dsc
  to main/e/exif/exif_0.6.19-1.dsc
exif_0.6.19-1_amd64.deb
  to main/e/exif/exif_0.6.19-1_amd64.deb
exif_0.6.19.orig.tar.gz
  to main/e/exif/exif_0.6.19.orig.tar.gz

Override entries for your package:
exif_0.6.19-1.dsc - source graphics
exif_0.6.19-1_amd64.deb - optional graphics

Announcing to debian-devel-chan...@lists.debian.org

Thank you for your contribution to Debian.

___
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-phototools-devel
[Pkg-phototools-devel] Processing of exif_0.6.19-1_amd64.changes
exif_0.6.19-1_amd64.changes uploaded successfully to localhost
along with the files:
  exif_0.6.19-1.dsc
  exif_0.6.19.orig.tar.gz
  exif_0.6.19-1.diff.gz
  exif_0.6.19-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host ries.debian.org)
[Pkg-phototools-devel] Bug#557137: marked as done (libexif: CVE-2009-3895: heap buffer overflow when processing certain images)
Your message dated Thu, 19 Nov 2009 23:03:29 + with message-id and subject line Bug#557137: fixed in libexif 0.6.19-1 has caused the Debian Bug report #557137, regarding libexif: CVE-2009-3895: heap buffer overflow when processing certain images to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
557137: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557137
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: libexif12
Version: 0.6.18-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for libexif.

Vulnerability description[0]:
> A flaw in libexif was discovered that causes a heap buffer to overflow
> when certain invalid EXIF images are processed. The flaw occurs in the
> tag fixup routine which attempts to convert in place an array of 8-bit
> integers into 16-bit integers. This fixup is performed by default after
> reading an image and until version 0.6.18 there was no easy way to disable
> it, so it is likely that nearly all applications using libexif to read
> images are vulnerable.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
http://security-tracker.debian.org/tracker/CVE-2009-3895

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---

--- Begin Message ---
Source: libexif
Source-Version: 0.6.19-1

We believe that the bug you reported is fixed in the latest version of libexif, which is due to be installed in the Debian FTP archive:

libexif-dev_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif-dev_0.6.19-1_amd64.deb
libexif12_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif12_0.6.19-1_amd64.deb
libexif_0.6.19-1.diff.gz
  to main/libe/libexif/libexif_0.6.19-1.diff.gz
libexif_0.6.19-1.dsc
  to main/libe/libexif/libexif_0.6.19-1.dsc
libexif_0.6.19.orig.tar.gz
  to main/libe/libexif/libexif_0.6.19.orig.tar.gz

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 557...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot (supplier of updated libexif package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 19 Nov 2009 22:38:27 +
Source: libexif
Binary: libexif-dev libexif12
Architecture: source amd64
Version: 0.6.19-1
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers
Changed-By: Emmanuel Bouthenot
Description:
 libexif-dev - library to parse EXIF files (development files)
 libexif12 - library to parse EXIF files
Closes: 557137
Changes:
 libexif (0.6.19-1) unstable; urgency=high
 .
 * New upstream release
   - fix CVE-2009-3895: heap buffer overflow during tag format conversion
     (Closes: #557137)
[Pkg-phototools-devel] libexif_0.6.19-1_amd64.changes ACCEPTED
Accepted:
libexif-dev_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif-dev_0.6.19-1_amd64.deb
libexif12_0.6.19-1_amd64.deb
  to main/libe/libexif/libexif12_0.6.19-1_amd64.deb
libexif_0.6.19-1.diff.gz
  to main/libe/libexif/libexif_0.6.19-1.diff.gz
libexif_0.6.19-1.dsc
  to main/libe/libexif/libexif_0.6.19-1.dsc
libexif_0.6.19.orig.tar.gz
  to main/libe/libexif/libexif_0.6.19.orig.tar.gz

Override entries for your package:
libexif-dev_0.6.19-1_amd64.deb - optional libdevel
libexif12_0.6.19-1_amd64.deb - optional libs
libexif_0.6.19-1.dsc - source libs

Announcing to debian-devel-chan...@lists.debian.org
Closing bugs: 557137

Thank you for your contribution to Debian.
[Pkg-phototools-devel] Processing of libexif_0.6.19-1_amd64.changes
libexif_0.6.19-1_amd64.changes uploaded successfully to localhost
along with the files:
  libexif_0.6.19-1.dsc
  libexif_0.6.19.orig.tar.gz
  libexif_0.6.19-1.diff.gz
  libexif-dev_0.6.19-1_amd64.deb
  libexif12_0.6.19-1_amd64.deb

Greetings,

Your Debian queue daemon (running on host ries.debian.org)
[Pkg-phototools-devel] Processed: Re: Bug#557137: libexif: CVE-2009-3895: heap buffer overflow when processing certain images
Processing commands for cont...@bugs.debian.org:

> tags 557137 + pending
Bug #557137 [libexif12] libexif: CVE-2009-3895: heap buffer overflow when processing certain images
Added tag(s) pending.
> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Re: [Pkg-phototools-devel] Bug#557137: libexif: CVE-2009-3895: heap buffer overflow when processing certain images
tags 557137 + pending
thanks

Hi Raphael,

> the following CVE (Common Vulnerabilities & Exposures) id was
> published for libexif.

I will upload libexif and exif 0.6.19 soon.

Regards,

--
Emmanuel Bouthenot
  mail : kol...@openics.org
  gpg : 0x414EC36E
  xmpp : kol...@im.openics.org
  irc : kolter@(freenode|oftc)
[Pkg-phototools-devel] Bug#557137: libexif: CVE-2009-3895: heap buffer overflow when processing certain images
Package: libexif12
Version: 0.6.18-1
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published for libexif.

Vulnerability description[0]:
> A flaw in libexif was discovered that causes a heap buffer to overflow
> when certain invalid EXIF images are processed. The flaw occurs in the
> tag fixup routine which attempts to convert in place an array of 8-bit
> integers into 16-bit integers. This fixup is performed by default after
> reading an image and until version 0.6.18 there was no easy way to disable
> it, so it is likely that nearly all applications using libexif to read
> images are vulnerable.

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://article.gmane.org/gmane.comp.graphics.libexif.devel/806
http://security-tracker.debian.org/tracker/CVE-2009-3895

Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
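The bug class named in the advisory above (widening an array of 8-bit values to 16-bit values in place), as an added generic C illustration; it is not libexif's code and not part of this thread. The `struct entry`, `widen_unsafe` and `widen_safe` names are hypothetical, big-endian output is assumed, and the unsafe variant shows one assumed way such a conversion can overflow (no buffer growth before writing).

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical entry type for this example; not libexif's ExifEntry. */
struct entry {
    unsigned char *data;   /* heap buffer holding the values */
    size_t size;           /* allocated bytes in data */
    size_t components;     /* number of values stored */
};

/* Unsafe pattern, kept for comparison and never called: it writes
 * 2 * components bytes into a buffer sized for 8-bit values, and by
 * walking forward it overwrites source bytes it has not read yet. */
void widen_unsafe(struct entry *e)
{
    for (size_t i = 0; i < e->components; i++) {
        unsigned char v = e->data[i];
        e->data[2 * i] = 0;          /* big-endian high byte */
        e->data[2 * i + 1] = v;      /* out of bounds once 2*i+1 >= size */
    }
}

/* Hardened form: validate the count, grow the buffer first, then convert
 * from the last element down so each source byte is read before it is
 * overwritten. Returns 0 on success, -1 on bad input or failed allocation. */
int widen_safe(struct entry *e)
{
    if (e->components > e->size)         /* count claims more data than stored */
        return -1;
    if (e->components > SIZE_MAX / 2)    /* 2 * components would wrap */
        return -1;
    size_t new_size = 2 * e->components;
    if (new_size == 0)
        return 0;                        /* nothing to convert */
    unsigned char *p = realloc(e->data, new_size);
    if (p == NULL)
        return -1;                       /* old buffer is still valid */
    e->data = p;
    e->size = new_size;
    for (size_t i = e->components; i-- > 0; ) {
        unsigned char v = e->data[i];
        e->data[2 * i] = 0;
        e->data[2 * i + 1] = v;
    }
    return 0;
}
```
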